Alerts This Week
Warning Icon 1 941
Alerts This Week
Warning Icon 1 941

Ubuntu 20.04 LTS OpenSSH Important Denial of Service Fix USN-8090-2

ubuntu
Calendar Grey March 12, 2026
Dist Ubuntu Esm H88
========================================================================== Ubuntu Security Notice US
Several security issues were fixed in OpenSSH.

Summary

Several security issues were fixed in OpenSSH.

Software Description:

- openssh: secure shell (SSH) for secure access to remote machines

Details:

USN-8090-1 fixed vulnerabilities in OpenSSH. This update provides the

corresponding updates for Ubuntu 20.04 LTS.

Original advisory details:

Jeremy Brown discovered that the OpenSSH GSSAPI Key Exchange incorrectly

handled disconnecting clients. In non-default configurations where the

GSSAPIKeyExchange setting is enabled, a remote attacker could use this

issue to cause OpenSSH to crash, resulting in a denial of service, or

possibly execute arbitrary code. (CVE-2026-3497)

David Leadbeater discovered that OpenSSH incorrectly handled certain

control characters in usernames. When untrusted usernames and the

ProxyCommand are being used, an attacker could possibly use this issue to

execute arbitrary code. (CVE-2025-61984)

David Leadbeater discovered that OpenSSH incorrectly handled NULL

characters in ssh:// URIs. When the ProxyCommand is b...

Read the Full Advisory

Topics%20covered

Topics Covered

security advisory denial of service remote code execution Ubuntu important openssh

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.04 LTS
  openssh-client                  1:8.2p1-4ubuntu0.13+esm1
                                  Available with Ubuntu Pro
  openssh-server                  1:8.2p1-4ubuntu0.13+esm1
                                  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-8090-2

https://ubuntu.com/security/notices/USN-8090-1

CVE-2025-61984, CVE-2025-61985, CVE-2026-3497

Severity
important
Lowest
Low
Medium
High
Critical

Ubuntu Security Notice USN-8090-2

Topics%20covered

Topics Covered

security advisory denial of service remote code execution Ubuntu important openssh

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here